Commit ab6d74da authored by Thong Kuah's avatar Thong Kuah

Only create new service account with cluster-admin clusterrolebinding for when...

Only create new service account with cluster-admin clusterrolebinding for when we have the rbac cluster FF enabled.

This syncs up with `authorization_type`.
parent 7a4d74ed
...@@ -25,8 +25,10 @@ module Clusters ...@@ -25,8 +25,10 @@ module Clusters
private private
def create_gitlab_service_account! def create_gitlab_service_account!
if rbac_clusters_feature_enabled?
Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client).execute Clusters::Gcp::Kubernetes::CreateServiceAccountService.new(kube_client).execute
end end
end
def configure_provider def configure_provider
provider.endpoint = gke_cluster.endpoint provider.endpoint = gke_cluster.endpoint
...@@ -49,7 +51,11 @@ module Clusters ...@@ -49,7 +51,11 @@ module Clusters
end end
def authorization_type def authorization_type
Feature.enabled?(:rbac_clusters) ? 'rbac' : 'abac' rbac_clusters_feature_enabled? ? 'rbac' : 'abac'
end
def rbac_clusters_feature_enabled?
Feature.enabled?(:rbac_clusters)
end end
def kube_client def kube_client
......
...@@ -28,6 +28,10 @@ describe Clusters::Gcp::FinalizeCreationService do ...@@ -28,6 +28,10 @@ describe Clusters::Gcp::FinalizeCreationService do
end end
end end
before do
stub_feature_flags(rbac_clusters: false)
end
context 'when suceeded to fetch gke cluster info' do context 'when suceeded to fetch gke cluster info' do
let(:endpoint) { '111.111.111.111' } let(:endpoint) { '111.111.111.111' }
let(:api_url) { 'https://' + endpoint } let(:api_url) { 'https://' + endpoint }
...@@ -45,8 +49,6 @@ describe Clusters::Gcp::FinalizeCreationService do ...@@ -45,8 +49,6 @@ describe Clusters::Gcp::FinalizeCreationService do
) )
stub_kubeclient_discover(api_url) stub_kubeclient_discover(api_url)
stub_kubeclient_create_service_account(api_url)
stub_kubeclient_create_cluster_role_binding(api_url)
end end
context 'when suceeded to fetch kuberenetes token' do context 'when suceeded to fetch kuberenetes token' do
...@@ -59,8 +61,6 @@ describe Clusters::Gcp::FinalizeCreationService do ...@@ -59,8 +61,6 @@ describe Clusters::Gcp::FinalizeCreationService do
metadata_name: 'gitlab-token-Y1a', metadata_name: 'gitlab-token-Y1a',
token: Base64.encode64(token) token: Base64.encode64(token)
} ) } )
stub_feature_flags(rbac_clusters: false)
end end
it_behaves_like 'success' it_behaves_like 'success'
...@@ -83,6 +83,8 @@ describe Clusters::Gcp::FinalizeCreationService do ...@@ -83,6 +83,8 @@ describe Clusters::Gcp::FinalizeCreationService do
context 'rbac_clusters feature enabled' do context 'rbac_clusters feature enabled' do
before do before do
stub_feature_flags(rbac_clusters: true) stub_feature_flags(rbac_clusters: true)
stub_kubeclient_create_service_account(api_url)
stub_kubeclient_create_cluster_role_binding(api_url)
end end
it_behaves_like 'success' it_behaves_like 'success'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment